<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      vsftpd-3.0.3
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.78.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-2020-04-02">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>�</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 2020-04-02
      </h4>
      <h3>
        Chapter&nbsp;20.&nbsp;Major Servers
      </h3>
      <ul>
        <li class="prev">
          <a accesskey="p" href="proftpd.html" title=
          "ProFTPD-1.3.6c">Prev</a>
          <p>
            ProFTPD-1.3.6c
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="mail.html" title=
          "Mail Server Software">Next</a>
          <p>
            Mail Server Software
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="majorservers.html" title=
          "Chapter&nbsp;20.&nbsp;Major Servers">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <h1 class="sect1">
        <a id="vsftpd" name="vsftpd"></a>vsftpd-3.0.3
      </h1>
      <div class="package" lang="en" xml:lang="en">
        <h2 class="sect2">
          Introduction to vsftpd
        </h2>
        <p>
          The <span class="application">vsftpd</span> package contains a very
          secure and very small FTP daemon. This is useful for serving files
          over a network.
        </p>
        <p>
          This package is known to build and work properly using an LFS-9.1
          platform.
        </p>
        <h3>
          Package Information
        </h3>
        <div class="itemizedlist">
          <ul class="compact">
            <li class="listitem">
              <p>
                Download (HTTP): <a class="ulink" href=
                "https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz">https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz</a>
              </p>
            </li>
            <li class="listitem">
              <p>
                Download MD5 sum: da119d084bd3f98664636ea05b5bb398
              </p>
            </li>
            <li class="listitem">
              <p>
                Download size: 196 KB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated disk space required: 2 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated build time: less than 0.1 SBU
              </p>
            </li>
          </ul>
        </div>
        <h3>
          vsftpd Dependencies
        </h3>
        <h4>
          Required
        </h4>
        <p class="required">
          <a class="xref" href="../basicnet/libnsl.html" title=
          "libnsl-1.2.0">libnsl-1.2.0</a>
        </p>
        <h4>
          Optional
        </h4>
        <p class="optional">
          <a class="xref" href="../postlfs/libcap.html" title=
          "libcap-2.33 with PAM">libcap-2.33 with PAM</a>, and <a class=
          "xref" href="../postlfs/linux-pam.html" title=
          "Linux-PAM-1.3.1">Linux-PAM-1.3.1</a>
        </p>
        <p class="usernotes">
          User Notes: <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/vsftpd">http://wiki.linuxfromscratch.org/blfs/wiki/vsftpd</a>
        </p>
      </div>
      <div class="installation" lang="en" xml:lang="en">
        <h2 class="sect2">
          Installation of vsftpd
        </h2>
        <p>
          For security reasons, running <span class=
          "application">vsftpd</span> as an unprivileged user and group is
          encouraged. Also, a user should be created to map anonymous users.
          As the <code class="systemitem">root</code> user, create the needed
          directories, users, and groups with the following commands:
        </p>
        <pre class="root">
<kbd class="command">install -v -d -m 0755 /usr/share/vsftpd/empty &amp;&amp;
install -v -d -m 0755 /home/ftp               &amp;&amp;
groupadd -g 47 vsftpd                         &amp;&amp;
groupadd -g 45 ftp                            &amp;&amp;

useradd -c "vsftpd User"  -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &amp;&amp;
useradd -c anonymous_user -d /home/ftp -g ftp    -s /bin/false -u 45 ftp</kbd>
</pre>
        <p>
          Build <span class="application">vsftpd</span> as an unprivileged
          user using the following command:
        </p>
        <pre class="userinput">
<kbd class="command">make</kbd>
</pre>
        <p>
          This package does not come with a test suite.
        </p>
        <p>
          Once again, become the <code class="systemitem">root</code> user
          and install <span class="application">vsftpd</span> with the
          following commands:
        </p>
        <pre class="root">
<kbd class=
"command">install -v -m 755 vsftpd        /usr/sbin/vsftpd    &amp;&amp;
install -v -m 644 vsftpd.8      /usr/share/man/man8 &amp;&amp;
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &amp;&amp;
install -v -m 644 vsftpd.conf   /etc</kbd>
</pre>
      </div>
      <div class="commands" lang="en" xml:lang="en">
        <h2 class="sect2">
          Command Explanations
        </h2>
        <p>
          <span class="command"><strong>install -v -d ...</strong></span>:
          This creates the directory that anonymous users will use
          (<code class="filename">/home/ftp</code>) and the directory the
          daemon will chroot into (<code class=
          "filename">/usr/share/vsftpd/empty</code>).
        </p>
        <div class="admon note">
          <img alt="[Note]" src="../images/note.png" />
          <h3>
            Note
          </h3>
          <p>
            <code class="filename">/home/ftp</code> should not be owned by
            the user <code class="systemitem">vsftpd</code>, or the user
            <code class="systemitem">ftp</code>.
          </p>
        </div>
        <p>
          <span class="command"><strong>echo "#define VSF_BUILD_TCPWRAPPERS"
          &gt;&gt;builddefs.h</strong></span>: Use this prior to <span class=
          "command"><strong>make</strong></span> to add support for
          <span class="application">tcpwrappers</span>.
        </p>
        <p>
          <span class="command"><strong>echo "#define VSF_BUILD_SSL"
          &gt;&gt;builddefs.h</strong></span>: Use this prior to <span class=
          "command"><strong>make</strong></span> to add support for SSL.
        </p>
        <p>
          <span class="command"><strong>install -v -m ...</strong></span>:
          The <code class="filename">Makefile</code> uses non-standard
          installation paths. These commands install the files in
          <code class="filename">/usr</code> and <code class=
          "filename">/etc</code>.
        </p>
      </div>
      <div class="configuration" lang="en" xml:lang="en">
        <h2 class="sect2">
          Configuring vsftpd
        </h2>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="vsftpd-config" name="vsftpd-config"></a>
          </h3>
          <h4 class="title">
            <a id="vsftpd-config" name="vsftpd-config"></a>Config Files
          </h4>
          <p>
            <code class="filename">/etc/vsftpd.conf</code>
          </p>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3"></h3>
          <h4 class="title">
            <a id="idm140006437736800" name=
            "idm140006437736800"></a>Configuration Information
          </h4>
          <p>
            <span class="application">vsftpd</span> comes with a basic
            anonymous-only configuration file that was copied to <code class=
            "filename">/etc</code> above. While still as <code class=
            "systemitem">root</code>, this file should be modified because it
            is now recommended to run <span class=
            "command"><strong>vsftpd</strong></span> in standalone mode.
            Also, you should specify the privilege separation user created
            above. Finally, you should specify the <span class=
            "command"><strong>chroot</strong></span> directory. <span class=
            "command"><strong>man vsftpd.conf</strong></span> will give you
            all the details.
          </p>
          <pre class="root">
<kbd class="command">cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<code class="literal">background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/usr/share/vsftpd/empty</code>
EOF</kbd>
</pre>
          <p>
            The vsftpd daemon uses seccomp to improve security by default.
            But it's known to cause vsftpd unable to handle ftp <code class=
            "literal">LIST</code> command with recent kernel versions. Append
            a line to <code class="filename">/etc/vsftpd.conf</code> (as the
            <code class="systemitem">root</code> user) to disable seccomp and
            workaround this issue:
          </p>
          <pre class="root">
<kbd class="command">cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<code class="literal">seccomp_sandbox=NO</code>
EOF</kbd>
</pre>
          <p>
            To enable local logins, append the following to the <code class=
            "filename">/etc/vsftpd.conf</code> file (as the <code class=
            "systemitem">root</code> user):
          </p>
          <pre class="root">
<kbd class="command">cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<code class="literal">local_enable=YES</code>
EOF</kbd>
</pre>
          <p>
            In addition, if using <span class="application">Linux-PAM</span>
            and <span class="application">vsftpd</span> with local user
            logins, you will need a <span class=
            "application">Linux-PAM</span> configuration file. As the
            <code class="systemitem">root</code> user, create the
            <code class="filename">/etc/pam.d/vsftpd</code> file, and add the
            needed configuration changes for <span class=
            "application">Linux-PAM</span> session support using the
            following commands:
          </p>
          <pre class="root">
<kbd class="command">cat &gt; /etc/pam.d/vsftpd &lt;&lt; "EOF" &amp;&amp;
<code class="literal"># Begin /etc/pam.d/vsftpd
auth       required     /lib/security/pam_listfile.so item=user sense=deny \
                                                      file=/etc/ftpusers \
                                                      onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-account
session    include      system-session</code>
EOF

cat &gt;&gt; /etc/vsftpd.conf &lt;&lt; "EOF"
<code class="literal">session_support=YES
pam_service_name=vsftpd</code>
EOF</kbd>
</pre>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="vsftpd-init" name="vsftpd-init"></a>
          </h3>
          <h4 class="title">
            <a id="vsftpd-init" name="vsftpd-init"></a><span class=
            "phrase">Boot Script</span>
          </h4>
          <p>
            Install the <span class="phrase"><code class=
            "filename">/etc/rc.d/init.d/vsftpd</code> init script</span>
            included in the <a class="xref" href=
            "../introduction/bootscripts.html" title=
            "BLFS Boot Scripts">blfs-bootscripts-20191204</a> package:
          </p>
          <pre class="root">
<kbd class="command">make install-vsftpd</kbd>
</pre>
        </div>
      </div>
      <div class="content" lang="en" xml:lang="en">
        <h2 class="sect2">
          Contents
        </h2>
        <div class="segmentedlist">
          <div class="seglistitem">
            <div class="seg">
              <strong class="segtitle">Installed Program:</strong>
              <span class="segbody">vsftpd</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Libraries:</strong>
              <span class="segbody">None</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Directories:</strong>
              <span class="segbody">/usr/share/vsftpd, /home/ftp</span>
            </div>
          </div>
        </div>
        <div class="variablelist">
          <h3>
            Short Descriptions
          </h3>
          <table border="0" class="variablelist">
            <colgroup>
              <col align="left" valign="top" />
              <col />
            </colgroup>
            <tbody>
              <tr>
                <td>
                  <p>
                    <a id="vsftpd-prog" name="vsftpd-prog"></a><span class=
                    "term"><span class=
                    "command"><strong>vsftpd</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the FTP daemon.
                  </p>
                </td>
              </tr>
            </tbody>
          </table>
        </div>
      </div>
      <p class="updated">
        Last updated on 2020-03-07 03:40:50 -0600
      </p>
    </div>
    <div class="navfooter">
      <ul>
        <li class="prev">
          <a accesskey="p" href="proftpd.html" title=
          "ProFTPD-1.3.6c">Prev</a>
          <p>
            ProFTPD-1.3.6c
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="mail.html" title=
          "Mail Server Software">Next</a>
          <p>
            Mail Server Software
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="majorservers.html" title=
          "Chapter&nbsp;20.&nbsp;Major Servers">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
  </body>
</html>
